Hackers Use DIY Botnets To DDoS Xbox Gamers

In the past few weeks, we've noticed a steady increase in posts like this and this.
Everywhere you look, people are suddenly curious as to how you "boot"
someone from online videogames. They're not entering this rather famous joypad combination
to do it - rather, they're dabbling in somewhat more sinister methods
of tampering with gamers playing on XBox Live.

Namely - Botnets. In a big way too, from the looks of things.

What is XBox Live?

Xbox Live is an online multiplayer gaming and digital media delivery service
created and operated by Microsoft Corporation. Pay for a Live account,
and you can shoot other gamers online all day long on Halo 3, or maybe
download some premium content such as movies, trailers etc.

Live has long been the subject of social engineers and hackers - fooling people into handing over their logins and making fake Points generators
stuffed with Trojans and keyloggers to steal login info has been going
on seemingly forever. There is another area of Live exploiting that's
not been looked into much - that of "booting" other players from games
via external means.

How is this done?

Well, typically someone will connect their XBox to their PC via a crossover
cable (or via their wireless connection), join a multiplayer game then
sniff the traffic (you can see a tiny example of that from the first
screenshot at the top of the article). They might use this method to
grab IP addresses (though it can be a little overcomplicated for the
wannabe hacker), or they might resort to social engineering tactics
away from the gaming environment. However they go about it, they need
an IP address if they intend to boom, headshot their victim.

In this case, we have something rather interesting that's quickly becoming
mainstream after spending a long time in the underground -
combining custom-made tools to create Botnet drones, specifically
created to knock XBox Live gamers out of whatever game they happen to
be playing at the time.

The bundle currently doing the rounds is pretty slick, and combines two tools distributed in a single AIO - it actually sits in the system tray (first icon on the left) until you feel like exploring it further.

Here are the two applications that work the "Magic" in this particular package,
when you get tired of looking at the nice icon in your system tray:

Both of these programs pretty much do the same thing - make it easy to
DDoS people off the XBox Live network (note the default
port for both programs is 3074, which is required to be open for XBox
Live to function).
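
Seen from the receiving end, a flood like this shows up in flow logs as several sources each sending far more packets to port 3074 than an ordinary game peer does. The following is an added example, not part of the original post or of the tools it describes; the log format, the sample records and the thresholds are assumptions chosen for illustration.

```python
from collections import defaultdict

XBL_PORT = 3074  # default port named in the article

# Constructed flow records (illustrative only, documentation IP ranges):
# epoch_second  src_ip  dst_ip  dst_port  packets
SAMPLE_FLOWS = """\
1000 198.51.100.7 203.0.113.10 3074 300
1000 198.51.100.8 203.0.113.10 3074 280
1003 198.51.100.9 203.0.113.10 443 5000
1010 198.51.100.7 203.0.113.10 3074 310
1010 192.0.2.21 203.0.113.10 3074 42000
1011 192.0.2.22 203.0.113.10 3074 39000
1012 192.0.2.23 203.0.113.10 3074 41000
1013 192.0.2.24 203.0.113.10 3074 40000
1020 198.51.100.7 203.0.113.10 3074 290
malformed line here
"""

def parse_flows(text):
    """Yield (ts, src, dst, dport, packets); skip lines that do not parse."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        try:
            yield int(parts[0]), parts[1], parts[2], int(parts[3]), int(parts[4])
        except ValueError:
            continue

def detect_floods(flows, window=10, min_total_pps=5000,
                  per_source_pps=1000, min_sources=3):
    """Return [(window_start, dst, total_pps, heavy_sources)] per flagged window."""
    buckets = defaultdict(lambda: defaultdict(int))  # (dst, window) -> src -> packets
    for ts, src, dst, dport, packets in flows:
        if dport == XBL_PORT:
            buckets[(dst, ts // window)][src] += packets
    alerts = []
    for (dst, win), per_src in sorted(buckets.items(),
                                      key=lambda kv: (kv[0][1], kv[0][0])):
        total_pps = sum(per_src.values()) // window
        # Assumed thresholds: a source counts as "heavy" above per_source_pps.
        heavy = sorted(s for s, p in per_src.items() if p / window >= per_source_pps)
        if total_pps >= min_total_pps and len(heavy) >= min_sources:
            alerts.append((win * window, dst, total_pps, heavy))
    return alerts

if __name__ == "__main__":
    for alert in detect_floods(parse_flows(SAMPLE_FLOWS)):
        print(alert)
```

The heavy-source list is what you would hand to an ISP or use for a temporary upstream block; the low-rate peer in the same window is left out of it.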

How do they do it?

Well, the bundle comes with two "vanilla" Bots:

...although really, the Bots can be anything you like. You don't have to use the
supplied files, though of course this is designed to be a
DIY-in-minutes kit (humorously, both files point to a pre-existing
Botnet so anyone foolish enough to run these EXEs while trying to
create their Botnet empire is going to find themselves a drone for the
original creator).

After creating a host with a service such as
no-ip.info that points to your own IP address, you insert that host
into the ready-to-roll code in the Bot file. At that point, all you
need to do is send your victims the EXE, convince them to run it on their PC and
they'll start reporting back to your Booter program as willing DDoS
drones. Here's a (somewhat blurry) screenshot lifted from a popular
YouTube video currently in circulation of an attack in progress on an
XBox gamer:

As you can see, the attacker "only" has four bots, but the
instructions that come with the programs tend to advise "between forty
and sixty". This is now, as you might imagine, all the rage.

The big incentive here, of course, is money. There seems to be quite a
lucrative market for angry gamers looking to get revenge on whoever
happened to headshot them the day before - we have some screenshots of
sites where these "XBox DDoS Botnets" can be created from scratch for
paying customers, along with a nifty price list to get things moving.

As I said earlier, some of these tactics and techniques
have been around for some time - but you only need to take a quick look
around hacking forums and sites such as YouTube & Yahoo Answers to
see this is rapidly becoming more and more interesting to angry 14-year-olds
with too much time on their hands.

What can you do about it?

Well, sadly for now the answer is "not a lot". You can never be
sure when playing online just who has their finger on the trigger ready
to nuke you from orbit with a Botnet DDoS. The problem will only get
worse as money keeps changing hands and every rage-fuelled
gamer who had a dream of really getting even suddenly has the power to
do so even after the "Game Over" screen has flashed up.

Perhaps the best solution is just to let that annoying fourteen year old claim his headshot and go back to playing chess...

2 Comments

Requires quite a bit of preplanning, might be effective for cheating in high level online games, but otherwise a lot of work to kick someone out of a single round of a game, especially if they have a dynamic IP (meaning they could easily come back online). Not many 14-year olds are going to have control of any sort of botnet. It's probably harder for most to buy access to a legit botnet than create a virus that would make their own (lots of scammers out there). Finally, not all Xbox Live games are going to establish direct connections to every other player.

1) Lots of people now have fixed IPs for quite some time. You can unplug your router and release as much as you want, but generally a lot of gamers are stuck with the same IP. Many gamers also choose packages where their IP remains static so they can set up hosted matches quickly (depending on platform of course, some services simply switch the host to whoever has the lowest latency and keep switching it).

My IP doesn't change for weeks at a time regardless of what I do to it, and I just have a standard DSL connection.

2) "Not many 14-year olds are going to have control of any sort of botnet."

My first thought on this is that that's PRECISELY why smart hackers are offering up paid-for services to set up and in some cases maintain the nets for the kids. My second thought is that as a security researcher myself, I see kids around that age getting involved in botnet booters all the time. You only need to check some of the vids on YouTube out to see proof of that, or hang out on some of the forums where these kinds of tools are promoted.

3) "It's probably harder for most to buy access to a legit botnet than create a virus that would make their own (lots of scammers out there)."

If someone can't summon up $20 to have someone create a full botnet, they're probably not going to be able to work out how to build a bot from scratch, then distribute it, then control the net either. Kids are rolling in money. As far as the scammers are concerned, there's a LOT of sites out there that have been setting these nets up for people for a long time - sure, there's scammers - but anyone who actually wants one of these nets will quickly find out who is a trusted source and who isn't, just like anything else in life.

Finally:

"Finally, not all Xbox Live games are going to establish direct connections to every other player."

Not all, but the majority of games are hosted by one of the players. There's only a handful of games like Left 4 Dead I can think of that run dedicated servers. There's certainly enough player run games out there for people using these to cause some problems.